Description

Microsoft Internet Information Services (IIS) installs a file named service.cnf. This file may contain sensitive information, which could allow a remote attacker to launch further attacks.

Remediation

Remove the service.cnf file from the web server or restrict access to this file.

References

Microsoft Internet Information Services Web page

Related Vulnerabilities

WordPress Pingback Source URI Denial of Service and Information Disclosure Vulnerabilities (0.6.2 - 2.1.3)

WordPress Plugin Count per Day Information Disclosure (3.2.5)

WordPress Plugin ApplyOnline-Application Form Builder and Manager Arbitrary File Disclosure (1.9.92)

WordPress Plugin Mashshare-Social Media Icons SEO Share Buttons for Facebook, Twitter, Subscribe Information Disclosure (2.3.0)

CVS Detected

Severity

Low

Classification

CWE-538 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

Tags

Information Disclosure